September 2024 - Linux-stable-mirror

[REGRESSION]: cephfs: file corruption when reading content via in-kernel ceph client

by Christian Ebner

Hi, some of our customers (Proxmox VE) are seeing issues with file corruptions when accessing contents located on CephFS via the in-kernel Ceph client [0,1], we managed to reproduce this regression on kernels up to the latest 6.11-rc6. Accessing the same content on the CephFS using the FUSE client or the in-kernel ceph client with older kernels (Ubuntu kernel on v6.5) does not show file corruptions. Unfortunately the corruption is hard to reproduce, seemingly only a small subset of files is affected. However, once a file is affected, the issue is persistent and can easily be reproduced. Bisection with the reproducer points to this commit: "92b6cc5d: netfs: Add iov_iters to (sub)requests to describe various buffers" Description of the issue: A file was copied from local filesystem to cephfs via: ``` cp /tmp/proxmox-backup-server_3.2-1.iso /mnt/pve/cephfs/proxmox-backup-server_3.2-1.iso ``` * sha256sum on local filesystem:`1d19698e8f7e769cf0a0dcc7ba0018ef5416c5ec495d5e61313f9c84a4237607 /tmp/proxmox-backup-server_3.2-1.iso` * sha256sum on cephfs with kernel up to above commit: `1d19698e8f7e769cf0a0dcc7ba0018ef5416c5ec495d5e61313f9c84a4237607 /mnt/pve/cephfs/proxmox-backup-server_3.2-1.iso` * sha256sum on cephfs with kernel after above commit: `89ad3620bf7b1e0913b534516cfbe48580efbaec944b79951e2c14e5e551f736 /mnt/pve/cephfs/proxmox-backup-server_3.2-1.iso` * removing and/or recopying the file does not change the issue, the corrupt checksum remains the same. * accessing the same file from different clients results in the same output: the one with above patch applied do show the incorrect checksum, ones without the patch show the correct checksum. * the issue persists even across reboot of the ceph cluster and/or clients. * the file is indeed corrupt after reading, as verified by a `cmp -b`. Interestingly, the first 4M contain the correct data, the following 4M are read as all zeros, which differs from the original data. * the issue is related to the readahead size: mounting the cephfs with a `rasize=0` makes the issue disappear, same is true for sizes up to 128k (please note that the ranges as initially reported on the mailing list [3] are not correct for rasize [0..128k] the file is not corrupted). In the bugtracker issue [4] I attached a ftrace with "*ceph*" as filter while performing a read on the latest kernel 6.11-rc6 while performing ``` dd if=/mnt/pve/cephfs/proxmox-backup-server_3.2-1.iso of=/tmp/test.out bs=8M count=1 ``` the relevant part shown by task `dd-26192`. Please let me know if I can provide further information or debug outputs in order to narrow down the issue. [0] https://forum.proxmox.com/threads/78340/post-676129 [1] https://forum.proxmox.com/threads/149249/ [2] https://forum.proxmox.com/threads/151291/ [3] https://lore.kernel.org/lkml/db686d0c-2f27-47c8-8c14-26969433b13b@proxmox.c… [4] https://bugzilla.kernel.org/show_bug.cgi?id=219237 #regzbot introduced: 92b6cc5d Regards, Christian Ebner

2 weeks, 2 days

4
9
0 0

[PATCH] irqchip/sifive-plic: Unmask interrupt in plic_irq_enable()

by Nam Cao

It is possible that an interrupt is disabled and masked at the same time. When the interrupt is enabled again by enable_irq(), only plic_irq_enable() is called, not plic_irq_unmask(). The interrupt remains masked and never raises. An example where interrupt is both disabled and masked is when handle_fasteoi_irq() is the handler, and IRQS_ONESHOT is set. The interrupt handler: 1. Mask the interrupt 2. Handle the interrupt 3. Check if interrupt is still enabled, and unmask it (see cond_unmask_eoi_irq()) If another task disables the interrupt in the middle of the above steps, the interrupt will not get unmasked, and will remain masked when it is enabled in the future. The problem is occasionally observed when PREEMPT_RT is enabled, because PREEMPT_RT add the IRQS_ONESHOT flag. But PREEMPT_RT only makes the problem more likely to appear, the bug has been around since commit a1706a1c5062 ("irqchip/sifive-plic: Separate the enable and mask operations"). Fix it by unmasking interrupt in plic_irq_enable(). Fixes: a1706a1c5062 ("irqchip/sifive-plic: Separate the enable and mask operations"). Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: stable(a)vger.kernel.org --- drivers/irqchip/irq-sifive-plic.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/irqchip/irq-sifive-plic.c b/drivers/irqchip/irq-sifive-plic.c index 2f6ef5c495bd..0efbf14ec9fa 100644 --- a/drivers/irqchip/irq-sifive-plic.c +++ b/drivers/irqchip/irq-sifive-plic.c @@ -128,6 +128,9 @@ static inline void plic_irq_toggle(const struct cpumask *mask, static void plic_irq_enable(struct irq_data *d) { + struct plic_priv *priv = irq_data_get_irq_chip_data(d); + + writel(1, priv->regs + PRIORITY_BASE + d->hwirq * PRIORITY_PER_ID); plic_irq_toggle(irq_data_get_effective_affinity_mask(d), d, 1); } -- 2.39.5

2 weeks, 2 days

2
1
0 0

[PATCH] drm/panthor: Don't add write fences to the shared BOs

by Boris Brezillon

The only user (the mesa gallium driver) is already assuming explicit synchronization and doing the export/import dance on shared BOs. The only reason we were registering ourselves as writers on external BOs is because Xe, which was the reference back when we developed Panthor, was doing so. Turns out Xe was wrong, and we really want bookkeep on all registered fences, so userspace can explicitly upgrade those to read/write when needed. Fixes: 4bdca1150792 ("drm/panthor: Add the driver frontend block") Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Simona Vetter <simona.vetter(a)ffwll.ch> Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)collabora.com> --- drivers/gpu/drm/panthor/panthor_sched.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/drivers/gpu/drm/panthor/panthor_sched.c b/drivers/gpu/drm/panthor/panthor_sched.c index 9a0ff48f7061..41260cf4beb8 100644 --- a/drivers/gpu/drm/panthor/panthor_sched.c +++ b/drivers/gpu/drm/panthor/panthor_sched.c @@ -3423,13 +3423,8 @@ void panthor_job_update_resvs(struct drm_exec *exec, struct drm_sched_job *sched { struct panthor_job *job = container_of(sched_job, struct panthor_job, base); - /* Still not sure why we want USAGE_WRITE for external objects, since I - * was assuming this would be handled through explicit syncs being imported - * to external BOs with DMA_BUF_IOCTL_IMPORT_SYNC_FILE, but other drivers - * seem to pass DMA_RESV_USAGE_WRITE, so there must be a good reason. - */ panthor_vm_update_resvs(job->group->vm, exec, &sched_job->s_fence->finished, - DMA_RESV_USAGE_BOOKKEEP, DMA_RESV_USAGE_WRITE); + DMA_RESV_USAGE_BOOKKEEP, DMA_RESV_USAGE_BOOKKEEP); } void panthor_sched_unplug(struct panthor_device *ptdev) -- 2.46.0

2 weeks, 3 days

4
4
0 0

[PATCH] drm/panthor: Don't declare a queue blocked if deferred operations are pending

by Boris Brezillon

If deferred operations are pending, we want to wait for those to land before declaring the queue blocked on a SYNC_WAIT. We need this to deal with the case where the sync object is signalled through a deferred SYNC_{ADD,SET} from the same queue. If we don't do that and the group gets scheduled out before the deferred SYNC_{SET,ADD} is executed, we'll end up with a timeout, because no external SYNC_{SET,ADD} will make the scheduler reconsider the group for execution. Fixes: de8548813824 ("drm/panthor: Add the scheduler logical block") Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)collabora.com> --- drivers/gpu/drm/panthor/panthor_sched.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/panthor/panthor_sched.c b/drivers/gpu/drm/panthor/panthor_sched.c index 41260cf4beb8..201d5e7a921e 100644 --- a/drivers/gpu/drm/panthor/panthor_sched.c +++ b/drivers/gpu/drm/panthor/panthor_sched.c @@ -1103,7 +1103,13 @@ cs_slot_sync_queue_state_locked(struct panthor_device *ptdev, u32 csg_id, u32 cs list_move_tail(&group->wait_node, &group->ptdev->scheduler->groups.waiting); } - group->blocked_queues |= BIT(cs_id); + + /* The queue is only blocked if there's no deferred operation + * pending, which can be checked through the scoreboard status. + */ + if (!cs_iface->output->status_scoreboards) + group->blocked_queues |= BIT(cs_id); + queue->syncwait.gpu_va = cs_iface->output->status_wait_sync_ptr; queue->syncwait.ref = cs_iface->output->status_wait_sync_value; status_wait_cond = cs_iface->output->status_wait & CS_STATUS_WAIT_SYNC_COND_MASK; -- 2.46.0

2 weeks, 3 days

3
3
0 0

[PATCH v2] drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup()

by Boris Brezillon

The group variable can't be used to retrieve ptdev in our second loop, because it points to the previously iterated list_head, not a valid group. Get the ptdev object from the scheduler instead. Cc: <stable(a)vger.kernel.org> Fixes: d72f049087d4 ("drm/panthor: Allow driver compilation") Reported-by: kernel test robot <lkp(a)intel.com> Reported-by: Julia Lawall <julia.lawall(a)inria.fr> Closes: https://lore.kernel.org/r/202409302306.UDikqa03-lkp@intel.com/ Signed-off-by: Boris Brezillon <boris.brezillon(a)collabora.com> --- drivers/gpu/drm/panthor/panthor_sched.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/panthor/panthor_sched.c b/drivers/gpu/drm/panthor/panthor_sched.c index 201d5e7a921e..24ff91c084e4 100644 --- a/drivers/gpu/drm/panthor/panthor_sched.c +++ b/drivers/gpu/drm/panthor/panthor_sched.c @@ -2052,6 +2052,7 @@ static void tick_ctx_cleanup(struct panthor_scheduler *sched, struct panthor_sched_tick_ctx *ctx) { + struct panthor_device *ptdev = sched->ptdev; struct panthor_group *group, *tmp; u32 i; @@ -2060,7 +2061,7 @@ tick_ctx_cleanup(struct panthor_scheduler *sched, /* If everything went fine, we should only have groups * to be terminated in the old_groups lists. */ - drm_WARN_ON(&group->ptdev->base, !ctx->csg_upd_failed_mask && + drm_WARN_ON(&ptdev->base, !ctx->csg_upd_failed_mask && group_can_run(group)); if (!group_can_run(group)) { @@ -2083,7 +2084,7 @@ tick_ctx_cleanup(struct panthor_scheduler *sched, /* If everything went fine, the groups to schedule lists should * be empty. */ - drm_WARN_ON(&group->ptdev->base, + drm_WARN_ON(&ptdev->base, !ctx->csg_upd_failed_mask && !list_empty(&ctx->groups[i])); list_for_each_entry_safe(group, tmp, &ctx->groups[i], run_node) { -- 2.46.0

2 weeks, 3 days

2
2
0 0

[PATCH 00/10] (no cover subject)

by Vikram Sharma

SC7280 is a Qualcomm SoC. This series adds support to bring up the CSIPHY, CSID, VFE/RDI interfaces in SC7280. SC7280 provides - 3 x VFE, 3 RDI per VFE - 2 x VFE Lite, 4 RDI per VFE - 3 x CSID - 2 x CSID Lite - 5 x CSI PHY The changes are verified on SC7280 qcs6490-rb3gen2-vision board, the base dts for qcs6490-rb3gen2 is: https://lore.kernel.org/all/20231103184655.23555-1-quic_kbajaj@quicinc.com/ V1 for this series: https://lore.kernel.org/linux-arm-msm/20240629-camss_first_post_linux_next-… Changes in V2: 1) Improved indentation/formatting. 2) Removed _src clocks and misleading code comments. 3) Added name fields for power domains and csid register offset in DTSI. 4) Dropped minItems field from YAML file. 5) Listed changes in alphabetical order. 6) Updated description and commit text to reflect changes 7) Changed the compatible string from imx412 to imx577. 8) Added board-specific enablement changes in the newly created vision board DTSI file. 9) Fixed bug encountered during testing. 10) Moved logically independent changes to a new/seprate patch. 11) Removed cci0 as no sensor is on this port and MCLK2, which was a copy-paste error from the RB5 board reference. 12) Added power rails, referencing the RB5 board. 13) Discarded Patch 5/6 completely (not required). 14) Removed unused enums. To: Robert Foss <rfoss(a)kernel.org> To: Todor Tomov <todor.too(a)gmail.com> To: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> To: Mauro Carvalho Chehab <mchehab(a)kernel.org> To: Rob Herring <robh(a)kernel.org> To: Krzysztof Kozlowski <krzk+dt(a)kernel.org> To: Conor Dooley <conor+dt(a)kernel.org> To: Kapatrala Syed <akapatra(a)quicinc.com> To: Hariram Purushothaman <hariramp(a)quicinc.com> To: Bjorn Andersson <andersson(a)kernel.org> To: Konrad Dybcio <konradybcio(a)kernel.org> To: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> To: cros-qcom-dts-watchers(a)chromium.org To: Catalin Marinas <catalin.marinas(a)arm.com> To: Will Deacon <will(a)kernel.org> Cc: linux-arm-msm(a)vger.kernel.org Cc: linux-media(a)vger.kernel.org Cc: devicetree(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: linux-arm-kernel(a)lists.infradead.org Test-by: Vikram Sharma <quic_vikramsa(a)quicinc.com> Signed-off-by: Vikram Sharma <quic_vikramsa(a)quicinc.com> --- Suresh Vankadara (1): media: qcom: camss: Add support for camss driver on SC7280 Vikram Sharma (9): media: dt-bindings: media: camss: Add qcom,sc7280-camss binding media: dt-bindings: media: qcs6490-rb3gen2-vision-mezzanine: Add dt bindings media: qcom: camss: Fix potential crash if domain attach fails media: qcom: camss: Sort CAMSS version enums and compatible strings media: qcom: camss: Add camss_link_entities_v2 arm64: dts: qcom: sc7280: Add support for camss arm64: dts: qcom: qcs6490-rb3gen2-vision-mezzanine: Enable IMX577 sensor arm64: dts: qcom: sc7280: Add default and suspend states for GPIO arm64: defconfig: Enable camcc driver for SC7280 Documentation/devicetree/bindings/arm/qcom.yaml | 1 + .../bindings/media/qcom,sc7280-camss.yaml | 441 +++++++++++++++++++++ arch/arm64/boot/dts/qcom/Makefile | 1 + .../dts/qcom/qcs6490-rb3gen2-vision-mezzanine.dts | 61 +++ arch/arm64/boot/dts/qcom/sc7280.dtsi | 208 ++++++++++ arch/arm64/configs/defconfig | 1 + drivers/media/platform/qcom/camss/camss-csid.c | 1 - .../platform/qcom/camss/camss-csiphy-3ph-1-0.c | 13 +- drivers/media/platform/qcom/camss/camss-csiphy.c | 5 + drivers/media/platform/qcom/camss/camss-csiphy.h | 1 + drivers/media/platform/qcom/camss/camss-vfe.c | 8 +- drivers/media/platform/qcom/camss/camss.c | 400 ++++++++++++++++++- drivers/media/platform/qcom/camss/camss.h | 1 + 13 files changed, 1131 insertions(+), 11 deletions(-) --- base-commit: fdadd93817f124fd0ea6ef251d4a1068b7feceba change-id: 20240904-camss_on_sc7280_rb3gen2_vision_v2_patches-15c195fb3f12 Best regards, -- Vikram Sharma <quic_vikramsa(a)quicinc.com>

2 weeks, 3 days

6
14
0 0

[PATCH 6.10 00/58] 6.10.12-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.10.12 release. There are 58 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 29 Sep 2024 12:17:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.10.12-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.10.12-rc1 Edward Adam Davis <eadavis(a)qq.com> USB: usbtmc: prevent kernel-usb-infoleak Junhao Xie <bigfoot(a)classfun.cn> USB: serial: pl2303: add device id for Macrosilicon MS3020 Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into mcp251xfd_chip_start/stop() Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: properly indent labels Keith Busch <kbusch(a)kernel.org> nvme-pci: qdepth 1 quirk Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Allocate memory for driver private data Dan Carpenter <dan.carpenter(a)linaro.org> netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level() Florian Westphal <fw(a)strlen.de> netfilter: nft_socket: make cgroupsv2 matching work with namespaces Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> powercap/intel_rapl: Fix the energy-pkg event for AMD CPUs Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> powercap/intel_rapl: Add support for AMD family 1Ah Michał Winiarski <michal.winiarski(a)intel.com> drm: Expand max DRM device number to full MINORBITS Michał Winiarski <michal.winiarski(a)intel.com> accel: Use XArray instead of IDR for minors Michał Winiarski <michal.winiarski(a)intel.com> drm: Use XArray instead of IDR for minors Ferry Meng <mengferry(a)linux.alibaba.com> ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() Ferry Meng <mengferry(a)linux.alibaba.com> ocfs2: add bounds checking to ocfs2_xattr_find_entry() Geert Uytterhoeven <geert+renesas(a)glider.be> spi: spidev: Add missing spi_device_id for jg10309-01 Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: fix the pp_dpm_pcie issue on smu v14.0.2/3 zhang jiao <zhangjiao2(a)cmss.chinamobile.com> tools: hv: rm .*.cmd when make clean Michael Kelley <mhklinux(a)outlook.com> x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency Larysa Zaremba <larysa.zaremba(a)intel.com> ice: check for XDP rings instead of bpf program when unconfiguring Luke D. Jones <luke(a)ljones.dev> platform/x86/amd: pmf: Make ASUS GA403 quirk generic Paulo Alcantara <pc(a)manguebit.com> smb: client: fix hang in wait_for_response() for negproto Liao Chen <liaochen4(a)huawei.com> spi: bcm63xx: Enable module autoloading hongchi.peng <hongchi.peng(a)siengine.com> drm: komeda: Fix an issue related to normalized zpos Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ALSA: hda: add HDMI codec ID for Intel PTL Neil Armstrong <neil.armstrong(a)linaro.org> clk: qcom: gcc-sm8650: Don't use shared clk_ops for QUPs Markuss Broks <markuss.broks(a)gmail.com> ASoC: amd: yc: Add a quirk for MSI Bravo 17 (D7VEK) Fabio Estevam <festevam(a)gmail.com> spi: spidev: Add an entry for elgin,jg10309-01 Zhang Yi <zhangyi(a)everest-semi.com> ASoC: mediatek: mt8188-mt6359: Modify key Liao Chen <liaochen4(a)huawei.com> ASoC: fix module autoloading Liao Chen <liaochen4(a)huawei.com> ASoC: tda7419: fix module autoloading Liao Chen <liaochen4(a)huawei.com> ASoC: google: fix module autoloading Liao Chen <liaochen4(a)huawei.com> ASoC: intel: fix module autoloading Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match less strict Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing configuration Markus Schneider-Pargmann <msp(a)baylibre.com> can: m_can: Limit coalescing to peripheral instances Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: clear trans->state earlier upon error Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: pause TCM when the firmware is stopped Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: lower message level for FW buffer destination Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Invalidate guest steal time address on vCPU reset Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Define ARCH_IRQ_INIT_FLAGS as IRQ_NOPROBE Jacky Chou <jacky_chou(a)aspeedtech.com> net: ftgmac100: Ensure tx descriptor updates are visible Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Make Lenovo Yoga Tab 3 X90F DMI match less strict Mathieu Fenniak <mathieu(a)fenniak.net> platform/x86: asus-wmi: Fix spurious rfkill on UX8406MA Mike Rapoport <rppt(a)kernel.org> microblaze: don't treat zero reserved memory regions as error Ross Brown <true.robot.ross(a)gmail.com> hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING Thomas Blocher <thomas.blocher(a)ek-dev.de> pinctrl: at91: make it work with current gpiolib Sherry Yang <sherry.yang(a)oracle.com> scsi: lpfc: Fix overflow build issue Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - FIxed ALC285 headphone no sound Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fixed ALC256 headphone no sound Hongbo Li <lihongbo22(a)huawei.com> ASoC: allow module autoloading for table board_ids Hongbo Li <lihongbo22(a)huawei.com> ASoC: allow module autoloading for table db1200_pids YR Yang <yr.yang(a)mediatek.com> ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile Albert Jakieła <jakiela(a)google.com> ASoC: SOF: mediatek: Add missing board compatible ------------- Diffstat: Makefile | 4 +- arch/loongarch/include/asm/hw_irq.h | 2 + arch/loongarch/include/asm/kvm_vcpu.h | 1 - arch/loongarch/kernel/irq.c | 3 - arch/loongarch/kvm/timer.c | 7 -- arch/loongarch/kvm/vcpu.c | 2 +- arch/microblaze/mm/init.c | 5 - arch/x86/kernel/cpu/mshyperv.c | 1 + drivers/accel/drm_accel.c | 110 ++------------------- drivers/bluetooth/btintel_pcie.c | 2 +- drivers/clk/qcom/gcc-sm8650.c | 56 +++++------ .../gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 3 + drivers/gpu/drm/arm/display/komeda/komeda_kms.c | 10 +- drivers/gpu/drm/drm_drv.c | 97 +++++++++--------- drivers/gpu/drm/drm_file.c | 2 +- drivers/gpu/drm/drm_internal.h | 4 - drivers/hwmon/asus-ec-sensors.c | 2 +- drivers/net/can/m_can/m_can.c | 16 +-- drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 42 ++++---- drivers/net/can/spi/mcp251xfd/mcp251xfd-dump.c | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-regmap.c | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 14 ++- drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 2 +- .../net/can/spi/mcp251xfd/mcp251xfd-timestamp.c | 7 +- drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 1 + drivers/net/ethernet/faraday/ftgmac100.c | 26 +++-- drivers/net/ethernet/intel/ice/ice_lib.c | 4 +- drivers/net/ethernet/intel/ice/ice_main.c | 4 +- drivers/net/ethernet/intel/ice/ice_xsk.c | 6 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 2 +- drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 9 +- drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 31 +++--- .../wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c | 3 +- drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 18 ++-- drivers/pinctrl/pinctrl-at91.c | 5 +- drivers/platform/x86/amd/pmf/pmf-quirks.c | 2 +- drivers/platform/x86/asus-nb-wmi.c | 20 +++- drivers/platform/x86/asus-wmi.h | 1 + drivers/platform/x86/x86-android-tablets/dmi.c | 1 - drivers/powercap/intel_rapl_common.c | 35 ++++++- drivers/scsi/lpfc/lpfc_bsg.c | 2 +- drivers/spi/spi-bcm63xx.c | 1 + drivers/spi/spidev.c | 2 + drivers/usb/class/usbtmc.c | 2 +- drivers/usb/serial/pl2303.c | 1 + drivers/usb/serial/pl2303.h | 4 + fs/ocfs2/xattr.c | 27 +++-- fs/smb/client/connect.c | 14 ++- include/drm/drm_accel.h | 18 +--- include/drm/drm_file.h | 5 + net/mac80211/tx.c | 4 +- net/netfilter/nft_socket.c | 41 +++++++- sound/pci/hda/patch_hdmi.c | 1 + sound/pci/hda/patch_realtek.c | 76 +++++++++----- sound/soc/amd/acp/acp-sof-mach.c | 2 + sound/soc/amd/yc/acp6x-mach.c | 7 ++ sound/soc/au1x/db1200.c | 1 + sound/soc/codecs/chv3-codec.c | 1 + sound/soc/codecs/tda7419.c | 1 + sound/soc/google/chv3-i2s.c | 1 + sound/soc/intel/common/soc-acpi-intel-cht-match.c | 1 - sound/soc/intel/keembay/kmb_platform.c | 1 + sound/soc/mediatek/mt8188/mt8188-afe-pcm.c | 1 + sound/soc/mediatek/mt8188/mt8188-mt6359.c | 17 +++- sound/soc/sof/mediatek/mt8195/mt8195.c | 3 + tools/hv/Makefile | 2 +- 69 files changed, 450 insertions(+), 359 deletions(-)

2 weeks, 3 days

12
69
0 0

[PATCH v6.6-v4.19] wifi: mac80211: Avoid address calculations via out of bounds array indexing

by hsimeliere.opensource＠witekio.com

From: Kenton Groombridge <concord(a)gentoo.org> commit 2663d0462eb32ae7c9b035300ab6b1523886c718 upstream. req->n_channels must be set before req->channels[] can be used. This patch fixes one of the issues encountered in [1]. [ 83.964255] UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:364:4 [ 83.964258] index 0 is out of range for type 'struct ieee80211_channel *[]' [...] [ 83.964264] Call Trace: [ 83.964267] <TASK> [ 83.964269] dump_stack_lvl+0x3f/0xc0 [ 83.964274] __ubsan_handle_out_of_bounds+0xec/0x110 [ 83.964278] ieee80211_prep_hw_scan+0x2db/0x4b0 [ 83.964281] __ieee80211_start_scan+0x601/0x990 [ 83.964291] nl80211_trigger_scan+0x874/0x980 [ 83.964295] genl_family_rcv_msg_doit+0xe8/0x160 [ 83.964298] genl_rcv_msg+0x240/0x270 [...] [1] https://bugzilla.kernel.org/show_bug.cgi?id=218810 Co-authored-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Kees Cook <kees(a)kernel.org> Signed-off-by: Kenton Groombridge <concord(a)gentoo.org> Link: https://msgid.link/20240605152218.236061-1-concord@gentoo.org Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource(a)witekio.com> --- net/mac80211/scan.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index 62c22ff329ad..d81b49fb6458 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -357,7 +357,8 @@ static bool ieee80211_prep_hw_scan(struct ieee80211_sub_if_data *sdata) struct cfg80211_scan_request *req; struct cfg80211_chan_def chandef; u8 bands_used = 0; - int i, ielen, n_chans; + int i, ielen; + u32 *n_chans; u32 flags = 0; req = rcu_dereference_protected(local->scan_req, @@ -367,34 +368,34 @@ static bool ieee80211_prep_hw_scan(struct ieee80211_sub_if_data *sdata) return false; if (ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS)) { + local->hw_scan_req->req.n_channels = req->n_channels; + for (i = 0; i < req->n_channels; i++) { local->hw_scan_req->req.channels[i] = req->channels[i]; bands_used |= BIT(req->channels[i]->band); } - - n_chans = req->n_channels; } else { do { if (local->hw_scan_band == NUM_NL80211_BANDS) return false; - n_chans = 0; + n_chans = &local->hw_scan_req->req.n_channels; + *n_chans = 0; for (i = 0; i < req->n_channels; i++) { if (req->channels[i]->band != local->hw_scan_band) continue; - local->hw_scan_req->req.channels[n_chans] = + local->hw_scan_req->req.channels[(*n_chans)++] = req->channels[i]; - n_chans++; + bands_used |= BIT(req->channels[i]->band); } local->hw_scan_band++; - } while (!n_chans); + } while (!*n_chans); } - local->hw_scan_req->req.n_channels = n_chans; ieee80211_prepare_scan_chandef(&chandef, req->scan_width); if (req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT) -- 2.43.0

2 weeks, 3 days

1
1
0 0

[PATCH 6.1 0/2] io_uring/io-wq: respect cgroup cpusets

by Felix Moessbauer

Hi, as discussed in [1], this is a manual backport of the remaining two patches to let the io worker threads respect the affinites defined by the cgroup of the process. In 6.1 one worker is created per NUMA node, while in da64d6db3bd3 ("io_uring: One wqe per wq") this is changed to only have a single worker. As this patch is pretty invasive, Jens and me agreed to not backport it. Instead we now limit the workers cpuset to the cpus that are in the intersection between what the cgroup allows and what the NUMA node has. This leaves the question what to do in case the intersection is empty: To be backwarts compatible, we allow this case, but restrict the cpumask of the poller to the cpuset defined by the cgroup. We further believe this is a reasonable decision, as da64d6db3bd3 drops the NUMA awareness anyways. [1] https://lore.kernel.org/lkml/ec01745a-b102-4f6e-abc9-abd636d36319@kernel.dk Best regards, Felix Moessbauer Siemens AG Felix Moessbauer (2): io_uring/io-wq: do not allow pinning outside of cpuset io_uring/io-wq: inherit cpuset of cgroup in io worker io_uring/io-wq.c | 33 ++++++++++++++++++++++++++------- 1 file changed, 26 insertions(+), 7 deletions(-) -- 2.39.2

2 weeks, 3 days

5
7
0 0

[PATCH 2/2] clk: samsung: Fixes PLL locktime for PLL142XX used on FSD platfom

by Varada Pavani

Add PLL locktime for PLL142XX controller. Fixes: 4f346005aaed ("clk: samsung: fsd: Add initial clock support") Cc: stable(a)vger.kernel.org Signed-off-by: Varada Pavani <v.pavani(a)samsung.com> --- drivers/clk/samsung/clk-pll.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/clk/samsung/clk-pll.c b/drivers/clk/samsung/clk-pll.c index 4be879ab917e..d4c5ae20de4f 100644 --- a/drivers/clk/samsung/clk-pll.c +++ b/drivers/clk/samsung/clk-pll.c @@ -206,6 +206,7 @@ static const struct clk_ops samsung_pll3000_clk_ops = { */ /* Maximum lock time can be 270 * PDIV cycles */ #define PLL35XX_LOCK_FACTOR (270) +#define PLL142XX_LOCK_FACTOR (150) #define PLL35XX_MDIV_MASK (0x3FF) #define PLL35XX_PDIV_MASK (0x3F) @@ -272,7 +273,11 @@ static int samsung_pll35xx_set_rate(struct clk_hw *hw, unsigned long drate, } /* Set PLL lock time. */ - writel_relaxed(rate->pdiv * PLL35XX_LOCK_FACTOR, + if (pll->type == pll_142xx) + writel_relaxed(rate->pdiv * PLL142XX_LOCK_FACTOR, + pll->lock_reg); + else + writel_relaxed(rate->pdiv * PLL35XX_LOCK_FACTOR, pll->lock_reg); /* Change PLL PMS values */ -- 2.17.1

2 weeks, 3 days

2
2
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror September 2024